1. Technical Field
The present invention relates generally to an improved data processing system and in particular to an improved data processing system having multiple processes and multiple resources. Still more particularly, the present invention provides a method, apparatus, and computer instructions for providing process-based access controls on multiple computer resources to multiple processes.
2. Description of Related Art
As computer systems become increasingly complex, the task of managing access to various system resources also becomes more difficult. System resources involved are not only limited to common shared file and program data. Resources such as network printers and physical memory also are shared among multiple processes on multiple systems. Control mechanisms are needed to ensure the resource access types, such as the form of access being requested. These accesses include, for example: read a file, write a file, bind a shared memory segment, and opening a device. Furthermore, control mechanisms that prevent propagation of enhanced privileges or access rights also are needed.
Various approaches to solve the problem of process-based access controls have been proposed. One access control system uses a set user identification bit (SUID) to change the effective user ID from the actual user to the owner of the executable file. As a result, during the execution of the program, the current user appears to be the owner of the executable file and all the data files accessible by the owner of the executable file are accessible to the program. However, this SUID exposes a potential security flaw and privilege leak. Since the SUID has meaning outside of the applications subsystem, the SUID can grant more privileges than an ordinary user may require. In addition, a privilege leak may occur when a program, granted root access, inadvertently executes another program, which results in a security violation.
Another proposed solution to solve the process-based access controls problem is called a Flask/Fluke concept. This concept uses an object manager to enforce security policy decisions on objects. A security policy labels the object with a set of security attributes called security context, which consists of attributes such as: user identity, classification level, and role. In one example implementation of Flask/Fluke, a process manager is responsible for ensuring each process is securely initialized. However, the process manager provides support for fork and execve operations, which means the security ID may be changed through an execve operation. In addition, Flask/Fluke lacks the ability to selectively alter the capabilities of the process based on the identity of the invoker or the path by which the process came to be executed.
Therefore, it would be advantageous to have an improved method, apparatus, and computer instructions for providing process-based access controls on computer resources by creating an identifier that has no meaning outside of the application, has no meaning if a given system resource that has not requested that specific identifier is required, and has a limited potential for security exposures. Moreover, it would be advantages to have a mechanism that provides a level of granularity to ensure that system resource access and corresponding access rights are limited a specific application.